Example #1
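 /**
  * Regression test: sensitive core settings must not be disclosed through the API.
  *
  * Plants a known non-empty marker in each sensitive setting, then checks that
  * neither a direct item GET nor a search returns that marker, while a
  * non-sensitive setting (admin_email) is still returned with its value.
  *
  * @depends testInitSessionCredentials
  *
  * @param mixed $session_token Value sent as the Session-Token header
  *                             (presumably the token string returned by the test this one depends on)
  */
 public function testProtectedConfigSettings($session_token)
 {
     $sensitiveSettings = array('proxy_passwd', 'smtp_passwd');
     // Marker planted in every sensitive setting; it must never appear in an API response
     $secret = 'not_empty_password';
     $headers = array('Session-Token' => $session_token);

     // Set a non-empty value on the settings to check
     foreach ($sensitiveSettings as $name) {
         Config::setConfigurationValues('core', array($name => $secret));
         $value = Config::getConfigurationValues('core', array($name));
         $this->assertArrayHasKey($name, $value);
         $this->assertNotEmpty($value[$name]);
     }

     // The names are the literal constants above, never request data, so the quoted list is built directly
     $where = "'" . implode("', '", $sensitiveSettings) . "'";
     $config = new Config();
     $rows = $config->find("`context`='core' AND `name` IN ({$where})");
     $this->assertEquals(count($sensitiveSettings), count($rows));

     // Check the value is not retrieved for sensitive settings
     foreach ($rows as $row) {
         $res = $this->doHttpRequest('GET', "Config/" . $row['id'], array('headers' => $headers));
         $this->assertEquals(200, $res->getStatusCode());
         $body = (string) $res->getBody();
         // The marker must not appear anywhere in the raw response, whatever field carries it
         $this->assertFalse(strpos($body, $secret), 'Sensitive value found in item response');
         $data = json_decode($body, true);
         // An undecodable body or a missing field would otherwise compare null to '' and pass vacuously
         $this->assertTrue(is_array($data), 'Item response is not a JSON object');
         $this->assertArrayHasKey('value', $data);
         $this->assertEquals('', $data['value']);
     }

     // Check another setting is disclosed (when not empty)
     $config = new Config();
     $config->getFromDBByQuery("WHERE `context`='core' AND `name`='admin_email'");
     $res = $this->doHttpRequest('GET', "Config/" . $config->getID(), array('headers' => $headers));
     $this->assertEquals(200, $res->getStatusCode());
     $body = (string) $res->getBody();
     $data = json_decode($body, true);
     $this->assertTrue(is_array($data), 'Item response is not a JSON object');
     $this->assertArrayHasKey('value', $data);
     $this->assertNotEquals('', $data['value']);

     // Check a search does not disclose sensitive values.
     // One indexed criterion per sensitive setting: the previous loop overwrote the
     // query string on every pass and used empty brackets, so only the last name was
     // sent and its four parameters were parsed as four separate, incomplete criteria.
     // NOTE(review): field 1 is presumably the setting name - confirm against the Config search options
     $criteria = array();
     foreach ($rows as $row) {
         $criteria[] = array(
             'link'       => 'or',
             'field'      => 1,
             'searchtype' => 'equals',
             'value'      => $row['name'],
         );
     }
     $queryString = http_build_query(array('criteria' => $criteria));
     // NOTE(review): the empty 'query' option is kept from the original call; confirm
     // doHttpRequest does not let it replace the query string carried in the URL
     $res = $this->doHttpRequest(
         'GET',
         "search/Config?{$queryString}",
         array('headers' => $headers, 'query' => array())
     );
     $this->assertEquals(200, $res->getStatusCode());
     $body = (string) $res->getBody();
     $this->assertFalse(strpos($body, $secret), 'Sensitive value found in search response');
     $data = json_decode($body, true);
     $this->assertTrue(is_array($data), 'Search response is not a JSON object');
     $this->assertArrayHasKey('data', $data);
     // NOTE(review): an empty result set makes the loop below assert nothing - confirm
     // the search is expected to return the sensitive rows
     foreach ($data['data'] as $row) {
         foreach ($row as $col) {
             // Expected value first, so a failure message reads the right way round
             $this->assertNotEquals($secret, $col);
         }
     }
 }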